I'm a software developer and I'm working on the GeoHot exploit (kernel module).
I'm porting it to the latest PS3 Linux kernel available on my PS3 (Fat with FW 3.15) Linux system, Yellow Dog 6.2 with kernel 2.6.29.3.

You may already know GeoHot did the exploit on PS3 Ubuntu 8.10 with kernel 2.6.25-2.3, but since kernel 2.6.27 the htab is not mapped anymore, so the exploit no longer works and crashes.

Thanks for sharing. I also spotted this problem, and also a problem with compilation: get_irq_chip_data(20) in the newer kernel is defined as a function and gives you the error ".irq_to_desc not found". I replaced that with: get_irq_desc[20].chip_data;

@titanmkd, can you tell me what you fixed to load the HTAB? I'm waiting for my FPGA to be delivered on the 3rd of Feb. Also, I'm not really familiar with Linux architecture because I'm a Windows dev and RE. Thanks.

No, I just mean that I can solder, that I'm good at that and I can do anything with the PS3, so I just need to understand how to program the board to 40 ns.

You could probably make the circuit for a couple of quid (attached gif) if you don't have access to the components for free. I won't be trying it because tolerances of the components would probably make the pulse time swing wildly and I hate precision oscilloscopes with a passion to test the circuit.

The way I see it is you have to connect the point on the PS3 to ground only once and for 40 ns. I don't think a wave generator could do that as it will go from 0V to ±5/10/whatever volts (unless it has a one-shot function which you can trigger), but then I can only see it being used to trigger an additional circuit.

On kernel 2.6.29.x the HTAB can only be fixed with a patch on the kernel. I'm working on it to do a clean thing with a kernel module service to retrieve the htab@, and I'm also doing a huge cleanup of the original GeoHot code with additional comments and removing all hard-coded addresses.

I will post the source code of the new exploit.c and the kernel patch required when everything is clean and working (does anyone know how to post that on this website, because I'm a new user and I have no rights to upload files ...).